On Tue, 16 Feb 1999, der Mouse wrote:

Hehe, my bad. For some stupid reason when I was writing that I thought 17h (pop ss) was ret. I really meant C3h which is ret. :) When I say ret I am referring to the x86 assembly language instruction. When I was using ret in the exploit code mailmax would stop overflowing the buffer at it. So I changed the ret to "pop eax; jmp eax" and it never gave me trouble like that again.

> > When putting code in the buffer to execute there are no major
> > restrictions on character set. The only character I found to
> > interfere besides null was 17h (ret).
>
> It's not clear which character you're referring to here.
>
> RET is not one of the ASCII mnemonics. You could plausibly be
> referring to CR, carriage return, or NL, newline (the latter also known
> as LF, line feed). CR is octal 15, hex 0d, decimal 13, while NL is
> octal 12, hex 0a, decimal 10.
>
> 17 hex is ETB. 17 octal is SI. 17 decimal is DC1.
>
> der Mouse
>
> mouseat_private
> 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B